You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-dev@hadoop.apache.org by "Wei-Chiu Chuang (Jira)" <ji...@apache.org> on 2021/04/12 03:54:00 UTC
[jira] [Resolved] (HADOOP-17632) Please upgrade the log4j
dependency to log4j2
[ https://issues.apache.org/jira/browse/HADOOP-17632?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Wei-Chiu Chuang resolved HADOOP-17632.
--------------------------------------
Fix Version/s: (was: 3.4.0)
(was: 3.3.0)
Resolution: Duplicate
> Please upgrade the log4j dependency to log4j2
> ---------------------------------------------
>
> Key: HADOOP-17632
> URL: https://issues.apache.org/jira/browse/HADOOP-17632
> Project: Hadoop Common
> Issue Type: Improvement
> Components: common
> Affects Versions: 3.3.0
> Reporter: helen huang
> Priority: Major
>
> The log4j dependency being use by hadoop-common is currently version 1.2.17. Our fortify scan picked up a couple of issues with this dependency. Please upgrade it to the latest version of log4j2 dependencies:
> <dependency>
> <groupId>org.apache.logging.log4j</groupId>
> <artifactId>log4j-api</artifactId>
> <version>2.14.1</version>
> </dependency>
> <dependency>
> <groupId>org.apache.logging.log4j</groupId>
> <artifactId>log4j-core</artifactId>
> <version>2.14.1</version>
> </dependency>
>
> The slf4j dependency will need to be updated as well after you upgrade log4j to log4j2.
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org